D:\my\1111\KillProcess\objfre\i386\Driver.pdb
Static task
static1
General
Target
009f6ad214c358bb6a5be99e26194f27_JaffaCakes118
Size
1KB
MD5
009f6ad214c358bb6a5be99e26194f27
SHA1
eac53b27a7d5ca8fa81cc7f2114a676f6cfe6104
SHA256
e354827eb065a2b686c1c2afaf0763568385f6bf486c90aa430c91d77cf67347
SHA512
2f8169814b387e078d174a0b7fbf687b2d3e6961900ec05717481af80dda4fcaa8aed7c9f08acd0cd4cc12fad1a55abadea3886141f6f4a6d3b8319687467af9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 009f6ad214c358bb6a5be99e26194f27_JaffaCakes118
Files
009f6ad214c358bb6a5be99e26194f27_JaffaCakes118.sys windows:5 windows x86 arch:x86
a94f8faa78b398502ce6c362bc6011e0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwClose
ZwTerminateProcess
ZwOpenProcess
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
Sections
.rdata Size: 256B - Virtual size: 130B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 128B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 640B - Virtual size: 570B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ